dss-x message
Subject: Proposal for SignatureIdentifier-structure


Hello all,

as briefly discussed during our last phone call, 
we need to define some generalization of the <dss:SignaturePtr>-element, 
which allows identifying a given signature in the verification report - even if 
a) the <dss:InputDocuments>-element is not available anymore and/or
b) the signature is not based on XML-DSig. 

For this purpose I would propose - similar to the (certificate-) references 
defined in XAdES - a SignatureIdentifierType-structure, which 
- MUST contain the digest of the referenced signature (i.e. the <Signature>-element 
  or the SignerInfo-structure within some CMS-container (which in turn may be
  embedded in some pdf-document, etc.)) and 
- MAY contain further information, which eases the identification of the
  signature by human users (=> SignedProperties element) or automated systems
  (=> WhichDocument, XPath, Offset attributes).

The SignedProperties-element SHOULD contain the SigningTime- and SigningCertificate-properties,
if available, and MAY contain other properties which aid identification.
The WhichDocument-attribute is useful as long as the <dss:InputDocuments> is 
available. The XPath-attribute identifies the signature within an XML-document.
The Offset-attribute points to the first byte of the signature within a
binary document and hence MAY facilitate the processing of non-XML-documents.

The entire structure would look as follows:

<complexType name="SignatureIdentifierType">
	<sequence>
		<element name="DigestAlgAndValue" type="XAdES:DigestAlgAndValueType" />
		<element name="SignedProperties" type="vr:SignedPropertiesType" maxOccurs="1" minOccurs="0" />
	</sequence>
	<attribute name="WhichDocument" type="IDREF" use="optional"/>
	<attribute name="XPath" type="string" use="optional"/>
	<attribute name="Offset" type="integer" use="optional"/>
</complexType>


Please let me know what you think about this proposal.

BR,
  Detlef
--
Dipl. Inform. (FH)
Dr. rer. nat. Detlef Hühnlein
Partner
secunet Security Networks AG
Sudetenstraße 16
96247 Michelau
Phone  +49 9571 896479
Mobile +49 171  9754980
detlef.huehnlein@secunet.com
www.secunet.com
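
An added illustration of the proposal above, not part of the original message: resolving a SignatureIdentifier against a binary document, treating Offset as an unauthenticated hint and the mandatory digest as the binding check. It assumes the digest is taken over the raw DER bytes of the SignerInfo and that Offset points at its SEQUENCE tag (the message fixes neither); the class, function names and sample bytes are hypothetical.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class SignatureIdentifier:               # hypothetical in-memory form of the proposed type
    digest_alg: str                      # hashlib name standing in for DigestAlgAndValue's method
    digest_value: str                    # base64 digest of the signature bytes (mandatory)
    offset: Optional[int] = None         # the optional Offset attribute (a hint only)

def der_end(buf: bytes, start: int) -> int:
    """Index one past the DER SEQUENCE that begins at start (definite lengths only)."""
    if start < 0 or start + 2 > len(buf) or buf[start] != 0x30:
        raise ValueError("no DER SEQUENCE at this offset")
    first, hdr = buf[start + 1], 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or start + 2 + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, hdr = int.from_bytes(buf[start + 2:start + 2 + n], "big"), 2 + n
    if start + hdr + length > len(buf):
        raise ValueError("DER value runs past the end of the document")
    return start + hdr + length

def make_identifier(doc: bytes, offset: int, alg: str = "sha256") -> SignatureIdentifier:
    digest = hashlib.new(alg, doc[offset:der_end(doc, offset)]).digest()
    return SignatureIdentifier(alg, base64.b64encode(digest).decode(), offset)

def resolve(doc: bytes, ident: SignatureIdentifier) -> Optional[int]:
    """Offset of the signature whose digest matches, or None if it is absent or altered."""
    want = base64.b64decode(ident.digest_value)
    def matches(pos: int) -> bool:
        try:
            return hashlib.new(ident.digest_alg, doc[pos:der_end(doc, pos)]).digest() == want
        except ValueError:
            return False
    if ident.offset is not None and matches(ident.offset):
        return ident.offset              # hint was still valid
    # Offset missing or stale: fall back to the mandatory digest and scan for it.
    return next((p for p in range(len(doc)) if doc[p] == 0x30 and matches(p)), None)

# Constructed sample: a toy DER SEQUENCE standing in for a SignerInfo inside a binary file.
SIG = bytes([0x30, 0x06, 0x02, 0x01, 0x01, 0x04, 0x01, 0xAA])
DOC = b"%PDF-constructed " + SIG + b" trailer"
IDENT = make_identifier(DOC, len(b"%PDF-constructed "))
```

A stale Offset (bytes prepended to the document) is recovered by the digest scan, while a signature whose bytes changed resolves to nothing.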